PRIVATICS - 2019 - Annual activity report

PRIVATICS

PRIVATICS - 2019

Project-Team Privatics

Team, Visitors, External Collaborators

Overall Objectives

Context

Application Domains

Highlights of the Year

New Software and Platforms

New Results

Differential Inference Testing
Analyse des impacts de la reconnaissance faciale - Quelques éléments de méthode (in French)
Towards a generic framework for black-box explanation methods
A generic information and consent framework for the IoT
Analysis of privacy policies to enhance informed consent
Understanding algorithmic decision-making: Opportunities and challenges, Study for the European Parliament (STOA)
Saving Private Addresses: An Analysis of Privacy Issues in the Bluetooth-Low-Energy Advertising Mechanism
Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile
Privacy implications of switching ON a light bulb in the IoT world
Security Analysis of Subject Access Request Procedures How to authenticate data subjects safely when they request for their data
Plausible Deniability for Practical Privacy-Preserving Live Streaming
Protecting motion sensor data against sensitive inferences through an adversarial network approach
Inria white book on Cybersecurity: Current challenges and Inria's research directions
Inspect what your location history reveals about you - Raising user awareness on privacy threats associated with disclosing his location data
Pseudonymisation techniques and best practices

Partnerships and Cooperations

Dissemination

Bibliography

Publications of the year

Previous |

Home | Next next

Section: New Results

A generic information and consent framework for the IoT

Participants : Daniel Le Métayer, Mathieu Cunche, Victor Morel.

The development of the Internet of Things (IoT) raises specific privacy issues especially with respect to information and consent. People are generally unaware of the devices collecting data about them and do not know the organizations operating them. Solutions such as stickers or wall signs are not effective information means in most situations. As far as consent is concerned, individuals do not have simple means to express and communicate it to the entities collecting data. Furthermore, the devices used to collect data in IoT environments have scarce resources; some of them do not have any user interface, are battery-operated or operate passively. The Working Party 29 (now “European Data Protection Board”) advocates the design of new consent mechanisms, such as “privacy proxies”, on the devices themselves. Starting from their recommendations, we have defined general requirements that have to be met to ensure that information and consent are managed in a manner that is satisfactory both for data subjects and for data controllers. We have shown in [8] how these requirements can be implemented in different situations, in particular through declaration registers and beacons. Depending on the context and the types of devices involved, not all technical options are always possible. In order to provide guidance to IoT system designers, we have outlined the main choice factors in the design pace are illustrated the framework with several challenging case studies. We have also implemented a Proof of Concept prototype implementation of these techniques.

Previous |

Home | Next next